ssh and handson Matsuzaki maz Yoshinobu 1
|
|
- Madison Farmer
- 5 years ago
- Views:
Transcription
1 ssh and handson Matsuzaki maz Yoshinobu 1
2 Secure Shell (ssh) Replacement for unsecure tools/protocols rsh and telnet Usually listen on tcp/22 Whole communication is encrypted Ability to check server s signature Multiple ways to authenticate users public key password maz@iij.ad.jp 2
3 telnet how insecure? Checks username + password Plain text username password /etc/passwd username:<password> Anyone on the wire can monitor the communication Password leakage / guess A fake server can steal username & password maz@iij.ad.jp 3
4 ssh username + ( password or public key ) encrypted communication /etc/passwd username:<password> username credential host key encrypted ~$HOME/.ssh/authorized_keys ssh_rsa AAAAB3NzaC1yc2 Anyone can monitor the traffic, it s encrypted though Still there is a risk of password leakage / guess for password authentication maz@iij.ad.jp 4
5 Password authentication: setup /etc/passwd password the same secret information username:<password> Agree on a secret information called password per user maz@iij.ad.jp 5
6 Passwords for multiple hosts /etc/passwd password1 username:<password1> password2 /etc/passwd username:<password2> /etc/passwd username:<password1> User can use the same password or different ones per host User must remember combinations of host and password 6
7 Password for a shared account /etc/passwd password the same secret information username:<password> password Users need to share the secret information maz@iij.ad.jp 7
8 Password authentication is danger password username password /etc/passwd username:<password> Users should: remember it type it share it with remote hosts a password tends to be short using the same one on multiple hosts risks of shoulder hacking it s leaky maz@iij.ad.jp 8
9 Public key authentication: setup Private Public Public Generate a key pair Send the public key to a remote host On an UNIX host, authorized public keys for the user should be stored in $HOME/.ssh/authorized_keys Other devices have own configuration formats to store authorized public keys maz@iij.ad.jp 9
10 Keys for multiple host Public1 Private1 Public1 Private2 Public2 Public1 Public2 Public2 User can use the same key pair or a different key pair, and a host can store multiple public keys per user Modern software automatically chooses an appropriate private key during authentication maz@iij.ad.jp 10
11 Key for a shared account Private1 Public1 Public1 Public2 ~$HOME/.ssh/authorized_keys ssh_rsa AAAADGNgAd5ydd ssh_rsa AAAAB3fdJK12KLJ1... Private2 Public2 Each user can have own key pair Or you can share a private key among users (not recommended) maz@iij.ad.jp 11
12 Public key authentication Private ~$HOME/.ssh/id_rsa 3egcXJ9dkdBNGGA username nonce signed nonce Public ~$HOME/.ssh/authorized_keys ssh_rsa AAAADGNgAd5ydd A digital signature signed by private key can be verified by corresponding public key It proves the private key holder is trying to login maz@iij.ad.jp 12
13 Private key Key authentication is highly relying on the secrecy of a private key Keep it secure and secret Store it in a secure host only Set a passphrase to encrypt the private key file locally Decrypt and use it when needed You can change the passphrase anytime, and still the public key is the same and unchanged passphrase local encryption Private ~$HOME/.ssh/id_rsa 3egcXJ9dkdBNGGA maz@iij.ad.jp 13
14 Host authentication ~$HOME/.ssh/known_hosts username nonce host key Private Public server1 ssh_rsa AAAADG5ydd A ssh server has own key pair (host key) Sends the public key during session initialization A client stores the public keys in a file, and verifies and uses it during session setup On an UNIX, the file is $HOME/.ssh/known_hosts Used to decrypt information from the host maz@iij.ad.jp 14
15 During the initial connection $ ssh The authenticity of host ' ( )' can't be established. ECDSA key fingerprint is SHA256:WrHnt6dnAlhEZvBU5H5WGQUqIMrFFbL18LBGM3u/NrI. Are you sure you want to continue connecting (yes/no)? If you don t have the host key, clients ask you whether you trust the key or not yes if you are comfortable Or you can put the key into the file manually in advance maz@iij.ad.jp 15
16 When the host key doesn WARNING: REMOTE HOST IDENTIFICATION IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed. The fingerprint for the ECDSA key sent by the remote host is SHA256:wqfhRI5/APqcB7Fl+aqB1Np3fkuBI6fVtD4Dms2sOu4. Please contact your system administrator. Add correct host key in /home/workshop/.ssh/known_hosts to get rid of this message. Offending ECDSA key in /home/workshop/.ssh/known_hosts:16 remove with: ssh-keygen -f "/home/workshop/.ssh/known_hosts" -R ECDSA host key for has changed and you have requested strict checking. Host key verification failed. It could be just reinstalled/replaced server But pay attention just in case maz@iij.ad.jp 16
17 ssh-agent Holds decrypted private key in the process and use it for authentication You do not need to type passphrase every time when logging in to a remote host During the startup process, you will be asked your passphrase to decrypt and store your private key ssh clients work with the agent nicely Use the agent on a trusted host only like your own local pc maz@iij.ad.jp 17
18 ssh implementations OpenSSH build in MacOS and most UNIX systems PuTTY For Windows and more! for androids, ios devices 18
19 Key algorithms rsa2048 is pretty common some routers support rsa1024 only for a paranoid rsa4098 ed25519 These should match with your server side capabilities maz@iij.ad.jp 19
20 Generating a key pair (UNIX) $ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/workshop/.ssh/id_rsa): <enter> Created directory '/home/workshop/.ssh'. Enter passphrase (empty for no passphrase): <your passphrase> Enter same passphrase again: <your passphrase again> Your identification has been saved in /home/workshop/.ssh/id_rsa. Your public key has been saved in /home/workshop/.ssh/id_rsa.pub. The key fingerprint is: SHA256:Ew4VveDGVRoQLm6H4SDT1O3NwIg6drb+YNhw7m4Jg0I workshop@ws The key's randomart image is: +---[RSA 2048]----+.o +==... o. oo= oo o.o ++o*.. E+oo+ *=.+.o.+..=.s o o* =. o+. oo [SHA256] maz@iij.ad.jp 20
21 You have a key pair (UNIX) $ cd.ssh/ workshop@ws:~/.ssh$ ls -l total 8 -rw workshop workshop 1675 Nov 13 09:44 id_rsa <- your private key -rw-r--r-- 1 workshop workshop 392 Nov 13 09:44 id_rsa.pub <- your public key workshop@ws:~/.ssh$ cat id_rsa.pub ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyMGJvtGry4Pgh9mvyRbuAUX961yR0YTmFc34LqKBUM0CYuZqu/uIyP4 J78rqshUMVWj15zTKlP+IRonYJS7idLKDuqvkm1oJXqYim+2TjeNY3rDSPchkt6xHTxKnmLglShBITrQr+h3jp NeRLaxlMStTx86opE4kPd2LF0Dv4w0RDQEz8A6yHS0d12ZNG4SPNomeuwPiZuRB6CPkFPwxR9PpEoYg0kq90Zl fx00ziajbkvd/u/g9t+ctrtns+3hsmhaaz6c04q6+caw6pr27t0ne+51rm7hrslwc0fwacbpf2tx8+were8u0h h4bjnm132lzvdyo99td4zx5pzwgv workshop@ws workshop@ws:~/.ssh$ maz@iij.ad.jp 21
22 Putting the key on the target host (UNIX) use a command for that $ ssh-copy-id <username>@<target_host> login the target host first, and edit the file $ mkdir -p ~/.ssh $ chmod 0700 ~/.ssh $ vi ~/.ssh/authorized_keys copy and paste your public key there Note: each public key should be one line in the file without CR/LF maz@iij.ad.jp 22
23 ssh key authentication (UNIX) $ ssh <username>@<target_host> OpenSSH client automatically use keys those have default notation in the ~/.ssh folder id_rsa, id_id_ecdsa, and so on maz@iij.ad.jp 23
24 Generating a key pair (Windows) 1. Download puttygen.exe and execute it 2. Pick parameters as you like (default setting is RSA2048 now), and Generate maz@iij.ad.jp 24
25 Generating a key pair (Windows) 3. Move your mouse in the blank area as the application says until it gets finished maz@iij.ad.jp 25
26 Generating a key pair (Windows) 4. Name and save your private key somewhere in your folder maz@iij.ad.jp 26
27 Generating a key pair (Windows) 5. Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All and copy the key 6. Open notepad, paste your public key, then save as a text file maz@iij.ad.jp 27
28 Putting the key on the target host (windows) Login the target host first, and edit the file $ mkdir -p ~/.ssh $ chmod 0700 ~/.ssh $ vi ~/.ssh/authorized_keys copy your key from the public key file type i on the ssh session window to insert new text in the file right click your mouse to paste your public key press Esc and type :wq then <enter> to overwrite the file and quit vi Note: each public key should be one line in the file without CR/LF maz@iij.ad.jp 28
29 ssh key authentication (Windows) 1. Set in the Host Name field 1 maz@iij.ad.jp 29
30 ssh key authentication (Windows) 2. Go to Connction -> ssh -> Auth 3. Browse and find your saved private key and set the file there 4. Open maz@iij.ad.jp 30
31 hands on 31
32 Setup Wireless SSID: workshop KEY: iij/2497 Account: user: workshop pass: iij/2497 VMs (Ubuntu host) group #1 should use group #2 should use , and so on 32
33 Download software (Windows) Go to the developer site of PuTTY ownload.html Download putty.exe (ssh/telnet client) puttygen.exe (ssh key generator) pagent.exe (ssh agent) pscp.exe (ssh file copy tool) 33
34 Exercise 1: ssh and password (Windows) Run putty.exe note: it s a portable application, so you don t need to install Set workshop@ x in the Host Name field note: x is your group # Click Open Password is iij/2497 exit the session maz@iij.ad.jp 34
35 Exercise 1: ssh and password (UNIX) Run Terminal app $ ssh workshop@ x note: x is your group # Password is iij/2497 maz@iij.ad.jp 35
36 Exercise 2: ssh and key (Windows) Generate your key pair and save them note: page Put your public key on the host note: page 28 note: remember Exercise 1 to login the host Login the host by using key authentication note: page Note: it will ask your passphrase to decrypt and use your private key maz@iij.ad.jp 36
37 Exercise 2: ssh and key (UNIX) Generate your key pair and save them note: page Put your public key on the host note: page 22 note: remember Exercise 1 to login the host Login the host by using key authentication note: page 23 Note: it will ask your passphrase to decrypt and use your private key maz@iij.ad.jp 37
38 Exercise 3: disabling password authentication on the host /etc/ssh/sshd_config PubkeyAuthentication yes # yes to enable public key authentication PasswordAuthentication no # yes to enable password authentication ChallengeResponseAuthentication no # This shuold be no as well Edit sshd configuration $ sudo vi /etc/ssh/sshd_config find PasswordAuthentication and change yes to no type x to delete single character on the cursor, i to insert new text there Press Esc and type :wq then <enter> to overwrite the file and quit vi Restart sshd $ sudo systemctl restart ssh.service ssh from the host to the host should be failed $ ssh x maz@iij.ad.jp 38
39 Exercise 4: ssh agent (Windows) Run pagent.exe note: it dose nothing at this moment, you will find an icon of a computer with a hat in your system tray Right click the icon in your system tray, and select Add Key, and open your private key file Enter your passphrase maz@iij.ad.jp 39
40 Exercise 4: ssh agent (Windows) Right click the pagent icon in your system tray, and select View Key, you should have your private key loaded there Login the host using the key as Exercise 2 again will not ask your passphrase maz@iij.ad.jp 40
41 Exercise 4: ssh agent (Mac) Run Terminal app $ ssh-add Enter your passphrase $ ssh workshop@ x Login the host using the key as Exercise 2 again will not ask your passphrase maz@iij.ad.jp 41
42 Exercise 4: ssh agent (UNIX) Run a terminal application $ ssh-agent <your shell> $ ssh-add Enter your passphrase Login the host using the key as Exercise 2 again will not ask your passphrase maz@iij.ad.jp 42
43 Exercise 5: file copy by pscp (Windows) Run cmd.exe Drag pscp.exe and drop it to the cmd window and enter <space> at the end of the line Drag your public key file and drop it to the cmd window and type <space> after that Type in the cmd window note: x is your group # > C: somewhere pscp.exe your public key file workshop@ x:/home/workshop/ Login to the host and type ls -l to check files. you should have your public key file there note: pscp.exe automatically works with pagent.exe maz@iij.ad.jp 43
44 Exercise 5: file copy by pscp (UNIX) run a terminal application $ scp <public keyfile> workshop@ x:~/ login to the host and type ls -l to check files. you should have your public key file there note: scp works with ssh-agent automatically maz@iij.ad.jp 44
45 Exercise 6: allow other users Get your neighbor s public key and add it to your host s authorized_keys You can ask to send the key somehow Think about good procedure like pgp signed message Note: authorized_keys can contain multiple keys, one line per key Ask your neighbor to login to your host maz@iij.ad.jp 45
Cryptography Application : SSH. Cyber Security & Network Security March, 2017 Dhaka, Bangladesh
Cryptography Application : SSH Cyber Security & Network Security 20-22 March, 2017 Dhaka, Bangladesh Issue Date: [31-12-2015] Revision: [v.1] What is Safely Authentication I am Assured of Which Host I
More informationWhat is Secure. Authenticated I know who I am talking to. Our communication is Encrypted
Crypto App - SSH 1 What is Secure Authenticated I know who I am talking to Our communication is Encrypted Telnet clear text Servers Terminal clear text Routers SSH encrypted channel encrypted text Servers
More informationSSH. What is Safely 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:
SSH 25-29 June 2018 PacNOG 22, Honiara, Solomon Islands Supported by: Issue Date: Revision: 1 What is Safely Authentication I am Assured of Which Host I am Talking With Authentication - The Host Knows
More informationCryptography Application : SSH. 7 Sept 2017, Taichung, Taiwan
Cryptography Application : SSH 7 Sept 2017, Taichung, Taiwan What is Safely Authentication I am Assured of Which Host I am Talking With Authentication - The Host Knows Who I Am The Traffic is Encrypted
More informationThis is a guide about using Putty on Windows with OpenSSH on Linux. You would learn about how to:
1 of 7 5/16/2011 5:37 PM Submitted by: Man-wai CHANG Update by: Man-wai CHANG Date Submitted: 31 May 2006 Document Version: 1.0 Last Updated: 08/01/2010 13:48:54 Last Updated: 02/02/2008 23:46:43 This
More informationCryptography - SSH. Network Security Workshop May 2017 Phnom Penh, Cambodia
Cryptography - SSH Network Security Workshop 29-31 May 2017 Phnom Penh, Cambodia What is Safely Authentication I know who I am talking with Our communication is Encrypted Telnet Servers Terminal Routers
More informationCryptography - SSH. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea
Cryptography - SSH Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 What is Secure Authentication I know who I am talking to Our communication is Encrypted Telnet Servers Terminal
More information2-1-1 ssh Secure SHell
2-1-1 ssh Secure SHell Using Public Key Cryptography Keying, Key Exchange, and Session Setup 1 Communicate Safely with Remote Systems 2 What is Safely Authentication I am Assured of Which Host I am Talking
More informationLAB :: Secure SHell (SSL)
LAB :: Secure SHell (SSL) In this example we are using apnictraining.net as domain name. # super user command. $ normal user command. X replace with your group no. Username apnic and password training
More informationLinux Network Administration
Secure Remote Connections with OpenSSH Objective At the conclusion of this module, the student will be able to: Configure the ssh daemon start, stop, and restart sshd 17 January 2005 NETW 111 - SSH 2 SSH
More informationSSH and keys. Network Startup Resource Center
SSH and keys Network Startup Resource Center www.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationFEPS. SSH Access with Two-Factor Authentication. RSA Key-pairs
FEPS SSH Access with Two-Factor Authentication RSA Key-pairs access.eps.surrey.ac.uk Contents: Introduction - 3 RSA Key-pairs - 3 Where can I use my RSA Key-Pair? - 3 Step 1 Prepare to generate your RSA
More information2-1-1 ssh Secure SHell
2-1-1 ssh Secure SHell Using Public Key Cryptography Keying, Key Exchange, and Session Setup Communicate Safely with Remote Systems What is Safely Authentication I am Assured of Which Host I am Talking
More informationSSH. Partly a tool, partly an application Features:
Internet security SSH 1 Secure Shell: SSH Partly a tool, partly an application Features: Encrypted login and shell connections Easy, drop-in replacements for rlogin, rsh, rcp Multiple means of authentication
More informationProject #6: Using ssh, scp and sftp with Key-Based Authentication
Project #6: Using ssh, scp and sftp with Key-Based Authentication ssh, scp and sftp Going beyond Password Protection Creating Keys Creating Keys with a Passphrase Using Key-Based Authentication in Our
More informationSetting up a Chaincoin Masternode
Setting up a Chaincoin Masternode Introduction So you want to set up your own Chaincoin Masternode? You ve come to the right place! These instructions are correct as of April, 2017, and relate to version
More informationExpedition. Hardening Guide Version Palo Alto Networks, Inc.
Expedition Hardening Guide Version 1.0 1 Palo Alto Networks, Inc. www.paloaltonetworks.com 2018 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of Palo Alto Networks. You can find
More informationSome SSH tips & tricks you may enjoy (plus, iptables)
Some SSH tips & tricks you may enjoy (plus, iptables) D. H. van Dok (Nikhef) 2014-05-19 getting the most (security) out of your openssh The user s perspective: least amount of hassle tradeoff between anxiety,
More informationIntroduction to Linux Workshop 2. The George Washington University SEAS Computing Facility
Introduction to Linux Workshop 2 The George Washington University SEAS Computing Facility Course Goals SSH and communicating with other machines Public/Private key generation,.ssh directory, and the config
More informationPractical Magic with SSH. By David F. Skoll Roaring Penguin Software Inc. 1 February
Practical Magic with SSH By David F. Skoll Roaring Penguin Software Inc. 1 February 2001 http://www.roaringpenguin.com dfs@roaringpenguin.com Overview of Presentation Why SSH? Problems with Telnet & Friends
More informationSSH SECURITY. If you ve never used SSH before on a computer, the chances are very high that
SSH SECURITY If you ve never used SSH before on a computer, the chances are very high that when you tried to play along with the previous section you encountered a strange notification that may have looked
More informationAn Overview of SSH. Presentation to Linux Users of Victoria. Melbourne, August 26, 2017
An Overview of SSH Presentation to Linux Users of Victoria Melbourne, August 26, 2017 http://levlafayette.com Utilisation and Rationale The most common use of SSH (secure shell) is remote login access
More informationSiemens PLM Software. HEEDS MDO Setting up a Windows-to- Linux Compute Resource.
Siemens PLM Software HEEDS MDO 2018.04 Setting up a Windows-to- Linux Compute Resource www.redcedartech.com. Contents Introduction 1 On Remote Machine B 2 Installing the SSH Server 2 Configuring the SSH
More informationLECTURE 7. Readings: - SSH: The Definitive Guide; D.J. Barret et al.; O Reilly Lecture outline: - SSH. Marco Spaziani Brunella, Manuel Campo
LECTURE 7 Readings: - SSH: The Definitive Guide; D.J. Barret et al.; O Reilly Lecture outline: - SSH Remote Managing In real life, physical access to network nodes is not always an option. Often, we need
More informationMango AM335x (AM335X) Gbit. Lan 이용복사테스트. Crazy Embedded Laboratory
Mango AM335x (AM335X) Gbit Lan 이용복사테스트 http://www.mangoboard.com/ http://cafe.naver.com/embeddedcrazyboys Crazy Embedded Laboratory Document History Revision Date Change note 목차 1. 테스트환경... 3 2. 이더넷속도측정...
More informationSiemens PLM Software. HEEDS MDO Setting up a Windows-to- Windows Compute Resource.
Siemens PLM Software HEEDS MDO 2018.04 Setting up a Windows-to- Windows Compute Resource www.redcedartech.com. Setting up a Windows-to-Windows Compute Resource Contents Introduction 1 On Remote Machine
More informationSecurity with SSH. Network Startup Resource Center
Security with SSH Network Startup Resource Center http://www.nsrc.org/ These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationSecure SHell Explained!
Open Gurus How To Secure SHell Explained! Here re some insights into SSH (Secure Shell), an essential tool for accessing remote machines. S SH is used to access or log in to a remote machine on the network,
More informationKB How to upload large files to a JTAC Case
KB23337 - How to upload large files to a JTAC Case SUMMARY: This article explains how to attach/upload files larger than 10GB to a JTAC case. It also and describes what files can be attached/uploaded to
More informationEnable SSH Access on the Tenable Virtual Appliance (4.4.x-4.7.x) Last Revised: February 27, 2018
Enable SSH Access on the Tenable Virtual Appliance (4.4.x-4.7.x) Last Revised: February 27, 2018 Table of Contents Introduction 3 Requirements 4 Terminology 5 Generate the Key File 6 Generate a Key for
More informationConfiguring SSH Public Key Authentication
6AOSCG0060-29A January 2014 Configuration Guide Configuring SSH Public Key Authentication This guide describes how to configure and use Secure Shell (SSH) public key authentication on products running
More informationIT Services Security. The Dark Arts Of SSH. Author: John Curran Version: 0.1
IT Services Security The Dark Arts Of SSH Author: John Curran Version: 0.1 STATUS\ REVISION HISTORY Date Version Description 0.1-0.9 Review preparation 1.0 Presented to business & retained by Information
More informationFile transfer clients manual File Delivery Services
File transfer clients manual File Delivery Services Publisher Post CH Ltd Information Technology Webergutstrasse 12 CH-3030 Berne (Zollikofen) Contact Post CH Ltd Information Technology Webergutstrasse
More informationSetting up PuTTY. Software* Download PuTTY 6/9/18. Microsoft Windows 7 (64-bit) PuTTY 0.70 (64-bit) PuTTYgen 0.70 (64-bit) WinSCP 5.13.
Software* Setting up PuTTY CTEC1767 Data Communications & Networking CTEC1863 Operating Systems CTEC1906 Internet Computing Microsoft Windows 7 (64-bit) PuTTY 0.70 (64-bit) PuTTYgen 0.70 (64-bit) WinSCP
More informationDefending Yourself Against The Wily Wireless Hacker
Defending Yourself Against The Wily Wireless Hacker Brian S. Walden NYCWireless Presentation October 27, 2004 http://wifidefense.cuzuco.com/ What You Expect Common Hacker Techniques Direct Break-In Man-In-The-Middle
More informationDue: October 8, 2013: 7.30 PM
Jackson State University Department of Computer Science CSC 437-01/539-01 Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan Lab Project # 1: Lab Project on using PGP GNU Privacy Guard (GPG)
More informationHOW TO SECURELY CONFIGURE A LINUX HOST TO RUN CONTAINERS
HOW TO SECURELY CONFIGURE A LINUX HOST TO RUN CONTAINERS How To Securely Configure a Linux Host to Run Containers To run containers securely, one must go through a multitude of steps to ensure that a)
More informationCPSC 467: Cryptography and Computer Security
CPSC 467: Cryptography and Computer Security Michael J. Fischer Lecture 24a December 2, 2013 CPSC 467, Lecture 24a 1/20 Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management and Trusted
More informationSmartCash SmartNode SCRIPT Setup Guide v2.2. Windows 10. Date: 20/02/2018. By (Jazz) yoyomonkey
SmartCash SmartNode SCRIPT Setup Guide v2.2 Date: Introduction Welcome to this step by step guide that will take you through the process of creating your own SmartCash SmartNode. This guide is aimed at
More informationConfigure HOSTNAME by adding the hostname to the file /etc/sysconfig/network. Do the same to all the other 3(4) nodes.
Network setup As the root user execute the command "ifconfig" on each host. Take a note of ipaddress's of all machines I have a home LAN so my addresses are class C which might be in the format 192.168.192.x.
More informationSetting up PuTTY. CTEC1767 Data Communications & Networking CTEC1863 Operating Systems CTEC1906 Internet Computing
Setting up PuTTY CTEC1767 Data Communications & Networking CTEC1863 Operating Systems CTEC1906 Internet Computing Version 2.0 Updated for 2017 Winter Software* Microsoft Windows 7 (64-bit) PuTTY 0.67 PuTTYgen
More informationTable of Contents 1 SSH Configuration 1-1
Table of Contents 1 SSH Configuration 1-1 SSH Overview 1-1 Introduction to SSH 1-1 Algorithm and Key 1-1 Asymmetric Key Algorithm 1-2 SSH Operating Process 1-2 Configuring the SSH Server 1-4 SSH Server
More informationSmartCash SmartNode Setup Guide v1.2. Windows 10. Date: 13/01/2018. By (Jazz) yoyomonkey
SmartCash SmartNode Setup Guide v1.2 Date: Introduction Welcome to this step by step guide that will take you through the process of creating your own SmartCash SmartNode. This guide is aimed at the casual
More informationSetting up my Dev Environment ECS 030
Setting up my Dev Environment ECS 030 1 Command for SSHing into a CSIF Machine If you already have a terminal and already have a working ssh program (That is, you type ssh into the terminal and it doesn
More informationSmartCash SmartNode Setup Guide V1.2 Windows 10 13/01/2018 By (Jazz) yoyomonkey Page 1
SmartCash SmartNode Setup Guide v1.2 Date: Introduction Welcome to this step by step guide that will take you through the process of creating your own SmartCash SmartNode. This guide is aimed at the casual
More informationWorkshop on Genomics 2018
Instructors Workshop on Genomics 2018 Connecting to the cloud and starting an instance. Guy Leonard - guy.leonard@gmail.com Workshop Team Objectives By the end of this session, you will be expected to
More informationContents. Configuring SSH 1
Contents Configuring SSH 1 Overview 1 How SSH works 1 SSH authentication methods 2 SSH support for Suite B 3 FIPS compliance 3 Configuring the device as an SSH server 4 SSH server configuration task list
More informationConfigure HOSTNAME by adding the hostname to the file /etc/sysconfig/network. Do the same to all the all nodes.
Network setup As the root user execute the command "ifconfig" on each host. Take a note of ipaddress's of all machines I have a home LAN so my addresses are class C which might be in the format 192.168.192.x.
More informationBuild your own Lightweight Webserver - Hands-on I - Information Network I. Marius Georgescu. Internet Engineering Laboratory. 17 Apr
Build your own Lightweight Webserver - Hands-on I - Information Network I Marius Georgescu Internet Engineering Laboratory 17 Apr. 2015 iplab Prerequisites Prerequisites Download and Install VirtualBox
More informationUsing keys with SSH Rob Judd
Using keys with SSH Rob Judd (rjudd@mlug.missouri.edu) Introduction SSH is a drop-in replacement for telnet that allows encrypted network connections. There are two main versions, 1.5 SSH-1 and 2.0 SSH-2
More informationTELE301 Lab16 - The Secure Shell
TELE301 Lab16 - The Secure Shell Department of Telecommunications May 7, 2002 Contents 1 Introduction 2 2 OpenSSH 2 3 Replacing Telnet 2 4 Logging in without a password 2 5 SSH Agent 3 5.1 SSH Add..............................
More informationLinux Introduction to Linux
Linux Introduction to Linux Most computational biologists use either Apple Macs or Linux machines. There are a couple of reasons for this: * Much of the software is free * Many of the tools require a command
More informationLinux Systems Security. Access Control and Authentication NETS1028 Fall 2016
Linux Systems Security Access Control and Authentication NETS1028 Fall 2016 Access Control Authenticating users is the act of trying to verify that a user is who they claim to be We generally rely on the
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationUsing RANCID. Contents. 1 Introduction Goals Notes Install rancid Add alias Configure rancid...
Using RANCID Contents 1 Introduction 2 1.1 Goals................................. 2 1.2 Notes................................. 2 2 Install rancid 2 2.1 Add alias............................... 3 2.2 Configure
More informationSSH Configuration. Page 1 of 8
SSH Configuration Page 1 of 8 Contents Chapter 1 SSH Terminal Services...3 1.1 Introduction to SSH... 3 1.2 SSH Server Configuration... 4 1.3 Log in Switch from SSH Client... 4 1.4 SSH Server Configuration
More informationMarketC - Masternode Setup Guide
MarketC - Masternode Setup Guide Preface In this guide we will be focusing on setting up a masternode for Marketc (CMK). This guide will focus on a typical "hot node" / "cold wallet" scenario. The "hot
More informationMan In The Middle Project completed by: John Ouimet and Kyle Newman
Man In The Middle Project completed by: John Ouimet and Kyle Newman What is MITM? Man in the middle attacks are a form of eves dropping where the attacker relays messages that are sent between victims
More informationBR*Tools Studio 7.10 for Oracle Multi-instance Server Standalone Part 2: Server, Database Instances and their Users
BR*Tools Studio 7.10 for Oracle Multi-instance Server Standalone Part 2: Server, Database Instances and their Users Applies to: SAP BR*Tools Studio 7.10(2) for Oracle DBA on Unix/Linux with examples on
More informationSecurity with SSH. SANOG VI IP Services Workshop. Hervey Allen
Security with SSH SANOG VI IP Services Workshop Hervey Allen Topics Where to get SSH (Secure SHell) How to enable and configure SSH Where to get SSH clients for Windows Authentication of the server to
More informationAnalyse your attacker s vectors with an SSH Honey Pot
Analyse your attacker s vectors with an SSH Honey Pot Be Safe Remember running a Honey Pot is all about letting the bad guys in, therefore you ll want to take steps to ensure the Honey Pot has no way of
More informationTopics. Security with SSH. Cryptographic Methods and Apps. SSH Application Layer Security
Security with SSH SANOG VI IP Services Workshop Hervey Allen Topics Where to get SSH (Secure SHell) How to enable and configure SSH Where to get SSH clients for Windows Authentication of the server to
More informationUNIVERSITY OF CYPRUS Computer Science Department
UNIVERSITY OF CYPRUS Computer Science Department ΕΠΛ 660 Information Retrieval and Search Engines A guide for connecting to LInC 1 -powered cloud-based Virtual Machines Lab instructor: Pavlos Antoniou
More informationSEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security
SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security Consider 2. Based on DNS, identified the IP address of www.cuhk.edu.hk is 137.189.11.73. 1. Go to http://www.cuhk.edu.hk 3. Forward the
More informationAnvil: HCC's Cloud. June Workshop Series - June 26th
Anvil: HCC's Cloud June Workshop Series - June 26th Anvil: HCC's Cloud OpenStack Cloud Resource offering customizable virtual machines For projects not well served by a traditional Linux environment: Software
More informationTutorial: SSH. Secure SHell: Connect remotely anything, anywhere. UL High Performance Computing (HPC) Team Sebastien Varrette
Secure SHell: Connect remotely anything, anywhere UL High Performance Computing (HPC) Team Sebastien Varrette University of Luxembourg (UL), Luxembourg http://hpc.uni.lu 1 / 26 Summary 1 Introduction 2
More informationCENG 334 Computer Networks. Laboratory I Linux Tutorial
CENG 334 Computer Networks Laboratory I Linux Tutorial Contents 1. Logging In and Starting Session 2. Using Commands 1. Basic Commands 2. Working With Files and Directories 3. Permission Bits 3. Introduction
More informationSetting up PuTTY. Version Updated for 2015 Fall (with corrections)
Setting up PuTTY CTEC1330 Data and Telecommunications CTEC1767 Data Communications & Networking I CTEC1863 Operating Systems CTEC1906 Internet Computing Version 1.9.2 Updated for 2015 Fall (with corrections)
More informationSetting up PuTTY. Software* Downoad PuTTY. Download PuTTY Download the putty.zip file. It contains several programs for SSH, SFTP, and SCP.
Software* Setting up PuTTY Microsoft Windows 7 PuTTY 0.65 PuTTYgen 0.65 WinSCP 5.7.5 CTEC1330 Data and Telecommunications CTEC1767 Data Communications & Networking I CTEC1863 Operating Systems CTEC1906
More informationAllinea DDT Debugger. Dan Mazur, McGill HPC March 5,
Allinea DDT Debugger Dan Mazur, McGill HPC daniel.mazur@mcgill.ca guillimin@calculquebec.ca March 5, 2015 1 Outline Introduction and motivation Guillimin login and DDT configuration Compiling for a debugger
More informationThe Unix Shell. The Secure Shell
The The Copyright Software Carpentry 2011 This work is licensed under the Creative Commons Attribution License See http://software-carpentry.org/license.html for more information. $ pwd shell $ pwd /users/vlad
More informationLab E2: bypassing authentication and resetting passwords
Lab E2: bypassing authentication and resetting passwords TTM4175 September 7, 2015 The purpose of this lab is to learn about techniques for bypassing the authentication and access control of Windows and
More informationwritten by ssh Nikkei Linux
written by ssh Nikkei Linux 2000.12 149 shell stream tcp nowait root /usr/sbin/tcpd in.rshd login stream tcp nowait root /usr/sbin/tcpd in.rlogind # ssh if [ -x /usr/sbin/sshd ] then /usr/sbin/sshd fi
More informationCS530 Authentication
CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request
More informationSupercomputing environment TMA4280 Introduction to Supercomputing
Supercomputing environment TMA4280 Introduction to Supercomputing NTNU, IMF February 21. 2018 1 Supercomputing environment Supercomputers use UNIX-type operating systems. Predominantly Linux. Using a shell
More informationThis document is intended to help you connect to the CVS server on a Windows system.
Sourceforge CVS Access Sourceforge CVS Access... 1 Introduction... 1 Tools... 1 Generate Public / Private Keys... 1 Configuring Sourceforge Account... 4 Loading Private Keys for Authentication... 7 Testing
More informationHow to Enable SFTP on MPE
How to Enable SFTP on MPE an Allegro Consultants Whitepaper some acknowledgements and a list of prerequisites. That we can run SFTP on MPE is due to the outstanding efforts of folks like Mark Klein, Mark
More informationHow to Secure SSH with Google Two-Factor Authentication
How to Secure SSH with Google Two-Factor Authentication WELL, SINCE IT IS QUITE COMPLEX TO SET UP, WE VE DECIDED TO DEDICATE A WHOLE BLOG TO THAT PARTICULAR STEP! A few weeks ago we took a look at how
More informationKey File Generation. November 14, NATIONAL STUDENT CLEARINGHOUSE 2300 Dulles Station Blvd., Suite 220, Herndon, VA 20171
Key File Generation NATIONAL STUDENT CLEARINGHOUSE 2300 Dulles Station Blvd., Suite 220, Herndon, VA 20171 Table of Contents Introduction... 2 PuTTY Installation... 2 Key Generation... 7 Configuring PuTTY
More informationJackson State University Department of Computer Science CSC / Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan
Jackson State University Department of Computer Science CSC 437-01/539-01 Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan Lab Project # 2: Running Secure Shell (SSH) Server in a Virtual
More informationFundamentals of Linux Platform Security
Fundamentals of Linux Platform Security Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Linux Platform Security Module 9 Application Security Roadmap ssh SSL IPsec & VPNs
More informationUsing.htaccess to Restrict Access to OU Directories
Using.htaccess to Restrict Access to OU Directories Last Updated: 7/8/15/ by lucero@uark.edu Webmasters can place.htaccess files in any directory in OU or on Cavern to restrict access. The two examples
More informationAliases are set manually or in a login script. Aliases that were set manually will be gone the next time you login.
Page 1 and 2: question without commands. Page 3 7 : questions with answers. Aliases are set manually or in a login script. Aliases that were set manually will be gone the next time you login. 1. List your
More informationContents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3. Obtaining A Signed Certificate 4
Contents SSL-Based Services: HTTPS and FTPS 2 Generating A Certificate 2 Creating A Self-Signed Certificate 3 Obtaining A Signed Certificate 4 Enabling Secure Services 5 SSL/TLS Security Level 5 A Note
More informationFirst Alternative. S11B Rev Networking
Openstack-related topics - EVS There are two management components to EVS, which are configured on the physical host(s):- * EVS Manager - the administrative function that is used to configure and manage
More informationUsing Encryption CHAPTER. In this chapter, you will learn about How encryption works Encrypting remote access with OpenSSH Encrypting Linux files
Using Encryption 18 CHAPTER In this chapter, you will learn about How encryption works Encrypting remote access with OpenSSH Encrypting Linux files As mentioned at the beginning of the preceding chapter,
More informationOperation Manual SSH H3C S3610&S5510 Series Ethernet Switches. Table of Contents
Table of Contents Table of Contents... 1-1 1.1 SSH Overview... 1-1 1.2 Configuring the SSH Server... 1-5 1.2.1 Enabling SSH Server... 1-5 1.2.2 Configuring the Protocols for the SSH Client User Interface
More informationNoMachine NX Client Configuration Guide
NoMachine NX Client Configuration Guide Configuration steps for ssh key login Step 1: NoMachine NX requires keys in OpenSSH format, therefore the existing key needs to be converted into OpenSSH format.
More informationbî~äì~íáåö=oéñäéåíáçå=ñçê=péåìêé=fq `äáéåí=~åç=péêîéê=ñçê=rkfu
bî~äì~íáåö=oéñäéåíáçå=ñçê=péåìêé=fq `äáéåí=~åç=péêîéê=ñçê=rkfu Reflection for Secure IT......Secure Shell backed by service You re ready to get serious about security, and Reflection for Secure IT can
More informationUnit: Making a move (using FTP)
Data Introduction to Unix and HPC (HPC for Wimps) Unit: Making a move (using FTP) Goals: Can login via Secure FTP and see home directory. Can transfer a file from local machine via FTP to home directory.
More informationLab 0: Intro to running Jupyter Notebook on a Raspberry Pi
Lab 0: Intro to running Jupyter Notebook on a Raspberry Pi Nick Antipa, Li-Hao Yeh, based on labs by Jon Tamir and Frank Ong January 24, 2018 This lab will walk you through setting up your Raspberry Pi
More informationUsing RDP with Azure Linux Virtual Machines
Using RDP with Azure Linux Virtual Machines 1. Create a Linux Virtual Machine with Azure portal Create SSH key pair 1. Install Ubuntu Bash shell by downloading and running bash.exe file as administrator.
More informationUsing a Linux System 6
Canaan User Guide Connecting to the Cluster 1 SSH (Secure Shell) 1 Starting an ssh session from a Mac or Linux system 1 Starting an ssh session from a Windows PC 1 Once you're connected... 1 Ending an
More informationVirtual Machine Connection Guide for AWS Labs
Virtual Machine Connection Guide for AWS Labs Thank you for participating in our hands-on workshop. We are glad to have you in our class! This class relies on our accompanying lab environment which provides
More informationLecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005
Lecture 30 Security April 11, 2005 Cryptography K A ciphertext Figure 7.3 goes here K B symmetric-key crypto: sender, receiver keys identical public-key crypto: encrypt key public, decrypt key secret Symmetric
More informationIf you prefer to use your own SSH client, configure NG Admin with the path to the executable:
Each Barracuda NG Firewall system is routinely equipped with an SSH daemon listening on TCP port 22 on all administrative IP addresses (the primary box IP address and all other IP addresses that administrative
More informationUL HPC School 2017[bis] PS1: Getting Started on the UL HPC platform
UL HPC School 2017[bis] PS1: Getting Started on the UL HPC platform UL High Performance Computing (HPC) Team C. Parisot University of Luxembourg (UL), Luxembourg http://hpc.uni.lu 1 / 34 Latest versions
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 13
CIS 551 / TCOM 401 Computer and Network Security Spring 2006 Lecture 13 Announcements Talk today: 3:00 Wu & Chen Auditorium Boon Thau Loo "Declarative Networking: Extensible Networks with Declarative Queries"
More informationWeb Portal User Guide Leap GIO Public. Leap GIO Public. New Generation - Web Portal User Guide. Copyright 2017 by Leap Solutions Asia Co., Ltd.
New Generation - Web Portal User Guide 1 Page Contents 1 General... 3 1.1 Overview... 3 1.2 Definition... 3 1.3 Access the Web Portal... 3 2 Sign-Up... 4 2.1 Personal Account... 4 2.2 Corporate Account...
More informationCIS 76 Ethical Hacking Building an open source Pentest Sandbox, carrying out a Remote Code Execution exploit, and Remediating the RCE vulnerability.
CIS 76 Ethical Hacking Building an open source Pentest Sandbox, carrying out a Remote Code Execution exploit, and Remediating the RCE vulnerability. Ryan Borden December 3, 2017 Contact: ryanborden81@gmail.com
More information